I’m reading the man page and looking for the place where GPG instructs users not to render plaintext if an MDC isn’t present on a message. Can someone help me find it?
-
Everybody who works in cryptography vulnerabilities is just sort of staring at you slack-jawed. Don’t provide unauthenticated plaintext to callers.
-
Umm, I work in cryptography vulnerabilities - and have published multiple vulnerabilities in this exact area, probably more than most of the people staring at me slack-jawed.

-
There's no need to pick a team. It's pretty clear there are both client bugs and crypto bugs involved. As I tweeted elsewhere, you can literally read up the definition of authenticated encryption to see this is a wrong API for an AE. https://cseweb.ucsd.edu/~mihir/papers/oem.html …
-
It's a low-level API that by necessity exposes legacy design choices. Given those constraints, I happen to think they've done okay. gpgme wraps it and provides a modern API for clients to use, and that (of course) handles status messages correctly.